---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------
+ Oprettet den: 21:43:12, 06-05-2006
+ Rapport-Checksum: B990A03
+ Scanningsresultat:
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Renset med backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Renset med backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources -> Adware.CoolWebSearch : Renset med backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CLSID -> Adware.CoolWebSearch : Renset med backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CurVer -> Adware.CoolWebSearch : Renset med backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Renset med backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Renset med backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Renset med backup
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Renset med backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Renset med backup
[692] C:\WINDOWS\system32\winqtd32.dll -> Trojan.Agent.qt : Renset med backup
C:\Documents and Settings\Asger\.jpi_cache\file\1.0\ok.class-602516f-2f13f88a.class -> Trojan.Nocheat : Renset med backup
C:\Documents and Settings\Asger\.jpi_cache\jar\1.0\loaderadv255.jar-30cef831-539737df.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@burstnet[2].txt -> TrackingCookie.Burstnet : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@c.enhance[1].txt -> TrackingCookie.Enhance : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@clickbank[2].txt -> TrackingCookie.Clickbank : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@com[1].txt -> TrackingCookie.Com : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@fuck-access[1].txt -> TrackingCookie.Fuck-access : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@image.masterstats[1].txt -> TrackingCookie.Masterstats : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@ivwbox[1].txt -> TrackingCookie.Ivwbox : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@starware[2].txt -> TrackingCookie.Starware : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@tacoda[2].txt -> TrackingCookie.Tacoda : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@webstat[2].txt -> TrackingCookie.Web-stat : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@yadro[2].txt -> TrackingCookie.Yadro : Renset med backup
C:\Documents and Settings\Asger\Cookies\asger@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Asger\Dokumenter\Sjov & Spas\Sjovt\Password.exe -> Hijacker.Chimoz.p : Renset med backup
C:\WINDOWS\system32\advpack5.exe -> Adware.AdSrve : Renset med backup
C:\WINDOWS\system32\batt7093.exe -> Adware.AdSrve : Renset med backup
C:\WINDOWS\system32\bootvid9.exe -> Adware.AdSrve : Renset med backup
C:\WINDOWS\system32\browselc.exe -> Adware.IEDriver : Renset med backup
C:\WINDOWS\system32\winqtd32.dll -> Trojan.Agent.qt : Renset med backup
C:\WINDOWS\Temp\win1D15.tmp.exe -> Downloader.IstBar.eq : Renset med backup
C:\WINDOWS\Temp\win32C0.tmp.exe -> Downloader.IstBar.eq : Renset med backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Renset med backup
D:\Software\Application hacks [Serials & activation]\Office XP & 2003 AntiActivation\Anti-MSOPA.exe/Anti-MSOPA.exe -> Trojan.Agent.jh : Fejl under renselse
D:\Software\Game\Full Games\DX-Ball 1 & 2 + Updates & Extras\DxBall1.09 trainer\Trainer.exe -> Dropper.Small : Renset med backup
::Rapport slut
SmitFraudFix v2.40
Scan done at 19:51:51,03, 06-05-2006
Run from C:\Documents and Settings\Asger\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Asger\FORETR~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 21:55:04, on 06-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Portrait Displays\forteManager\dtsslsrv.exe
C:\Programmer\Portrait Displays\forteManager\DTSRVC.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\WinPortrait\wpctrl.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WinPortrait\floater.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Programmer\Portrait Displays\forteManager\dthtml.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Red Chair Software\Notmad Explorer\notmgr.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
D:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmer\WinPortrait\wpctrl.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RealPlayer] "C:\Programmer\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: Notmad Manager.lnk = C:\Programmer\Red Chair Software\Notmad Explorer\notmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Startup: Update TUT.lnk = C:\Programmer\AnswersThatWork\Troubleshooter\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: forteManager.lnk = C:\Programmer\Portrait Displays\forteManager\dthtml.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8FA955-4DB7-4E24-9B65-66BC00D8506A}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{97E734AE-52B0-4635-B5B1-2211D9B9B908}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43FF9A0-60BC-4922-ACA1-95D310485252}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winqtd32 - winqtd32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmer\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Ntvrkx2pwlnm - ATI Technologies Inc. - C:\WINDOWS\system32\drivers\atinsnxx.sys
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe